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REMARKS/ARGUMENTS 
This Amendment is in response to the Final Office Action mailed April 2, 2009, 

Claims 1, 2, 5, 6, 9-1 1, 13-15, 20, 21 , 23-25, 30, 3 1, 33-36, 41 and 44-52 were pending hi the 

present application and have been rejected. 

Applicants have amended claims 1, 2, 5, 6, 1 1 5 14, 15, 24, 25, 41, 45, and 47 and 

added claim 54. Applicants submit that no new subject matter lias been introduced by the 

amendments or the new claim. Claims 1, 2, 5, 6, 9-11, 13-15, 20, 21, 23-25, 30, 31, 33-36, 41, 

44-52, and 54 remain pending in the present application after entry of this submission. 

Reconsideration of the rejected claims is respectfully requested 

THE CLAIMS 

Rejections under 35 U.S.C. § 103 

Claims L 2. 5. 6. 9-11. 13-15, 20. 2L 23-25. 30. 31. 33-36. 41 and 44-52 

Claims 1, 2, 5, 6, 9-11, 13-15, 20, 21, 23-25, 30, pi, 33-36, 41 and 44-52 are 
rejected under 35 U.S.C. §103(a) as being unpatentable over Cheng (U.S. Patent No. 6,067,548) 
(hereinafter n Cheng n ) in view of SiteMinder Policy Server Operations Guide, Version 4.0 
(hereinafter "SiteMinder"), and further in view ofMcNally et al,(U.S. Patent No. 6,823,513) 
(hereinafter M McNally ,r ). Applicants respectfully disagree. 

Claim 1 recites among other features: 

i 

1. A computer-implemented method for using workflows to perform a task, the 
method comprising: 

associating each workflow of a plurality. of workflows with a corresponding domain 
of a plurality of domains in an identity system, each domain of said plurality of domains 
comprising one or more entities and each workflow of said plurality of workflows using 
different predefined set of steps to perform the task; 

receiving a request to perform said task that affects at least one identity profile 
associated with an entity in said identity system; 

determining from said plurality of domains, a domain that includes said entity with 
which said at least one identity profile is associated; 

determining from said plurality of workflows, a workflow associated with said 
domain and capable of performing said task; 

perfonrung said workflow for said task; 

wherein said pertorroing comprises executing said predefined set of steps of said 
workflow to perform said task; and 
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said request includes an identification of said at least one identity profile. 
(Applicants' claim 1, as amended) 

As recited in claim 1, each workflow of a plurality of workflows is associated 
with a corresponding domain of a plurality of domains in an identity system where each domain 
comprises of one or more entities. Each of these workflows performs the same task but different 
predefined set of steps are used by each workflow for performing that task. 

Further, as recited in claim 1 , upon receiving a request to perform the task that 
affects an identity profile, the method of claim 1 determines, a) from the plurality of domains, a 
domain that includes the entity with which the identity profile is associated, and b) from the 
plurality workflows, a workflow that is associated with the determined domain and that can 
perform the requested task. The determined workflow is performed by executing its predefined 
set of steps for performing the requested task. Therefore, for performing tasks that affect an 
identity profile of a domain only the workflows that are associated with that domain can be used. 

Such features of claim 1 may be used for example in complex systems where the 
identity system stores information about different organizations including the companies, their 
suppliers, partners, and employees. Each of these organizations needs to perform various tasks 
on the information stored in the identity system. But for performing a particular task each 
organization may have different workflow procedures and processes for performing that 
particular task. The different organizations (or users of the identity system ) can define different 
workflows according to their requirements and the workflows can then be associated with their 
corresponding domains with which their workflows must be used. The "associating" in claim 1 
recites how workflows performing the same task can be associated with domains. Upon 
receiving a task request, the "determining from said plurality of domains, a domain", and the 
"determining from said plurality of workflows, a workflow" features allow determining the 
domain and the associated workflow to be used for performing tjiat task. This determined 
workflow is the workflow that is associated with the domain of the identity profile identified in 
the task request. For example, a user of the identity system namely, supplier A may use one 
method for performing a task such as adding a new user to its relevant domain (i.e., the domain 
containing information related to supplier A). Another user of the identity system namely, 
supplier B may use a different method for performing the same task. Different workflows can 
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then be defined for suppliers A and B and associated with their respective domains with which 
each of those must be used. Since the task request includes identification of the identity profile 
that it affects, the domain comprising the entity with which that identity profile is associated can 
be determined and then the workflows associated with that domain and capable of performing 
the task can be determined. (See specification page 2: line 13 to page 3: linelO.) 

Applicants submit that none of the references Cheng, SiteMinder, and McNally 
either individually or in combination teach such features. 

The portions of Cheng coL 11:59-27, col. 3:15-coL 5:16, col. 6:40-col. 7:67 and 
col 13:9-col. l6:10andcoL 16:10-65 referred to in the Final Office Action do not teach the 
features of claim 1. 

The Final Office Action alleges that col. 1 1 ;59-27 of Cheng teaches the 
"associating" feature 6f claim 1. Applicants respectfully disagree. Firstly, this portion of Cheng 
has no mention of workflows. Further, Applicants fail to see how the "unique identifier for a 
domain" described in this section of Cheng equates to the "associating" feature of claim 1. This 
portion of Cheng describes servers, domains, organizations within a domain, globally unique 
identifiers for the domains and organizations, and updates to the organizational information. 
This portion of Cheng seems to suggest that domains can contain multiple organizations and 
while domains have globally unique identifiers, organization names are unique only within the 
domain- Therefore, a universally unique identifier (UUID) for the organization is the name of 
the organization combined with the globally unique identifier of the domain that contains the 
organization. There is however no mention of workflows or any teaching or suggestion of 
associating workflows with a domain, let alone workflows that perform the same tasks associated 
with different domains, as recited in claim 1 . Accordingly, Applicants submit that this section of 
Cheng does not teach the "associating" feature of claim 1 , 

Additionally, as discussed in the previously filed response (filed on 16 th 
December 2008), the other cited portions of Cheng namely col. 3: 15-col. 5:16, coL 6;40-coL 7:67 
and coL 13:9-col. 16: 10 and col 16:10-65 also do not teach or suggest the features of claim 1. 

For example, the virtual links in Cheng associate or relate one member object to 
another member object in the organization, which is not equivalent to associating workflows 
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with domains. The virtual links between the member objects are defined using an expression so 
that the relationship between member objects can be resolved dynamically by evaluating the 
expressioa For example, from column 14 of Cheng, the script EXECUTE BY manager of 
$INlTIATOR_OF_PROCES S includes a virtual link "manager^ that defines the relationship 
between the manager_of and the initiator of the flow of the process. Evaluation of this 
expression for a member such as M will verify whether Mis the manager of the initiator of the 
process and thereby authorized to execute the step of the workflow process. Accordingly, 
Applicant submits that virtual links in Cheng are for linking or associating two members, as in 
associating X as a manager of Y. Using this association (or expression), a script specifies the 
members (for example, manager_of) who can perform a step of the workflow process. 

Therefore, instead of including a name(s) of a members) authorized to perform a step of the 

i 

workflow, the script specifies a relationship expression that can be evaluated dynamically to 
identify members authorized to perform the step. Additionally, this association between 
members in Cheng is for identifying members authorized to perform a step of the workflow and 
not for identifying work flows from a set of workflows to perform a task. Cheng lacks the 
limitation in claim 1 of associating a workflow with a domain, which is required to be able to 
identify the workflows that may be used to perform a task affecting the identity profiles of the 
entities of the domain, More specifically, Cheng does not teach.or suggest at least the feature 
recited in claim 1 of associating each of a set of workflows with one or more domains, where 
each workflow uses different predefined set of steps to perform the same task. 

The Final Office Action acknowledges that Cheng does not teach the 
"determining from said one or more dnmaiTic, ^domain . . and the "determining from said set 
of workflows, a workflow _» features of claim 1 but asserts that these features are taught by 
SiteMinder at pages 235-237, 302-304, and 325-328, Applicants respectfully disagree. 

SiteMinder also does aet cure the deficiencies of Cheng. SiteMinder portions are 
related to controlling a user's access to protected resources in a policy domain by resolving 
policies in the policy domain. In response to a user's request to access a protected resource the 
policy that specifies the user and the protected resource is resolved to determine whether the user 
can access the protected resource. This is completely different from the features of claim 1 
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discussed above that are related to determining the domain and the associated workflow that can 
perform a requested task. The SiteMinder portions cited in the Final Office Action do not appear 
to have any relation to workflows, especially workflows that use predefined set of steps to 
perform a requested task affecting an identity profile. 

It appears that the Final Office Action is equating the policies" and "actions" in 
SiteMinder to the * ^workflows" and "task" respectively, in claim 1 . Applicant submits that this is 
incorrect for at least the reasons discussed below. A workflow recited in claim 1 comprises a 
predefined set of steps to perform a task. For example, a workflow may comprise a predefined 
set of steps to perform a task such as adding a user, deleting a user, or making changes to a user's 
identity profile (see specification page 36: lines 6-8 and Table 1 j. On the other hand, as 
described in SiteMinder Chapter 12 pg. 325, policies define how users interact with resources. 
Policies bind users, resources, and actions triggered when the users access the resources. The 
policies or rules described in SiteMinder are used, to determine whether the user can access a 
particular resource or not SiteMinder does not appear to teach or suggest anything about 
policies comprising predefined set of steps for performing tasks that affect an identity profile, In 
feet, the "policies*' in SiteMinder do not perform any tasks equivalent to the "tasks" in claim L 
Additionally, SiteMinder does not teach or suggest anything about multiple workflows 
performing the same task. More specifically, SiteMinder does not teach ot suggest each of a set 
of workflows comprising different predefined set of steps for performing the same task as in 
claim 1. 

The Final Office Action's comparison of "actions" in SiteMinder to the "task" in 
claim 1 is also incorrect As described in SiteMinder in Chapter 12 page 32S, a policy is created 
to link users, resources, and actions that should take place when.those users access the specified 
resources. The actions take the form of SiteMinder responses that are described in Chapter 1 1 of 
SiteMinder. Thus, the "actions" in SiteMinder are actually responses to a user's request for a 
resource as specified in the policy. When a user specified in a policy attempts to access a 
resource identified in the policy's rule, the system in SiteMindei; resolves the policy to determine 
what "action* 1 should be triggered in response to the user's request. Further, the "actions" that 
are triggered are associated with the user's accessibility of the resource such as allowing/denying 
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the user access to the requested resource, customizing the content sent to the user and the user's 
session time, redirecting the user to other resources, etc. Pages 304, 325 of SiteMinder list the 
different types of actions or responses in SiteMinder: 

allowing/denying access to resource (WebAgent-OnAccept or WebAgent- 

OnReject), 

customizing user's session time when access allowed (e.g., WebAgent- 
OnAuthAccept-Session-Idle-Timeout), ' 

redirecting the user to other resources when allowed/denied (e.g., WebAgent- 

OnAccept-Redirect, WebAgent-OnReject-Redirect), 

customizing the content the user receives (e.g., WebAgent-OnAccept-Text, 

WebAgent-OnReject-Text). 

None of the "actions" or responses described in SiteMinder appears to be related 
to performing any actions or tasks that affects an identity profile 

Additionally, claim 1 specifically recites receiving a request to perform a task. 
Since an "action" in SiteMinder is a response to a user's request, there is no teaching in 
SiteMinder of receiving a request to perform the response or action. Further, claim 1 recites 
several features such as "determining from said set of domains a domain . . " and "determining 
of a workflow associated with said domain . . " based upon the requested task. The "actions" in 
SiteMinder do not appear to initiate any such determining steps as in claim 1 . 

Based upon the above, Applicants submit that a policy in SiteMinder is not the 
same as a workflow recited in claim 1 and that an action in SiteMinder is not the same as the ta^k 
recited in claim L Applicants therefore submit that SiteMinder does not teach the "determining 
from said one or more domains, a domain ..." and the "determining from said set of workflows, 
a workflow . > " features of claim 1 and accordingly does not cure the deficiencies of Cheng. 

McNally also ails to cure the deficiencies of Cheng and SiteMinder. 
Accordingly, Applicants submit that even if Cheng, SiteMinder, and McNally were combined as 
suggested by the Office Action* even then the combination would not render claim 1 obvious. 
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Further, Applicants submit that there is no motivation to combine Cheng, 
SiteMinder, and McNally, The Final Office Action asserts that Cheng, SiteMinder, and McNally 
are all directed toward policy and identify management for workflows and that it would have 
been obvious to one of ordinary skill in the art at the time of the invention to combine 
SiteMinder, McNally and Cheng, since it would have been obvious to combine the known prior 
art elements of a workflow system with rules corresponding to identity profiles (Cheng), with an 
identity system associating users with domains (SiteMinder). Applicants respectfully disagree at 
least for the reasons discussed below. 

SiteMinder does not describe anything about workflows and multiple workflows 
each of which comprise different predefined set of steps to .perfbrm the same task, SiteMinder is 
primarily related to determining user's accessibility to resources and uses policies that define 
users, resources and responses to the user's request for those resources. As discussed above with 
respect to claim 1,/the policy in SiteMinder is not equivalent to workflow, A policy in 
SiteMinder links users , resources, and actions that must take place when a user specified in the 
policy requests the res ources specified in the policy. On the other hand, Cheng does not describe 
anything about policies and policy domain. Cheng is related to organization modeling and 
management of organization objects and describes workflow systems in the context of systems 
that can be benefitted from the organization modeling of Cheng. A workflow in Cheng is 
described as providing a framework on which multiple tasks and applications are integrated to 
form a network of ste ps to accomplish a business process. (See "Cheng columns 13 and 14). This 
is not equivalent to the policy described in SiteMinder. Therefore, Applicants submit that the 
workflows in Cheng and the policies in SiteMinder are not equivalent and accordingly one of 
ordinary skill in the art would not have considered it obvious to icombine the two references on 
the basis of the workflows in Cheng and policies in SiteMinder, 
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CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance and an action to that end is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 



Respectfally^ubmitted, 



TOWSEND and TOWNSEND and CREW LLP 

Two Embarcadcro Center, Eighth Floor 

San Francisco, California 941 1 1-3834 

Tel: 650-326-2400 

Fax: 415-576-0300 

Attachments 

SBK;ra4g 

62193*45 vl 




or Patent Counsel, 
iReg. No. 37,652 
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